An anonymous reader writes "On the Spotify company blog, CTO Oskar Stål apologized to users and said there has been a security breach at Spotify, where some systems and internal company data was accessed without permission. Evidence given suggests only one Spotify user's account was accessed and that no security or payment information was taken. As a security step, Spotify has announced they are releasing an updated Android application over the coming days, as well as requiring some users to re-enter their login details."

Rewriting history there - the Facebook "integration" came later, when it was released here in the Nordic countries it was just a login/pass. I don't think it was ever mandatory though? At least, as an existing customer, I've never needed to link my Spotify account to Facebook.

I initially didn't join Spotify because of the Facebook requirement. They added their own authentication system later.

It's possible that this was different for non-American users, but tepples' post was correct, and assuming that Spotify is an American company, you're the one rewriting history based on a foreign experience.

I created my account in August of 2011, and I did not integrate with Facebook. I still have the original email telling me that I'll need to log in with the username I created and a password. Facebook integration definitely came after the initial launch in the US. Perhaps you found out about Spotify after September 2011? From the Spotify Wikipedia article:

On 26 September 2011, it was announced that all new accounts would require users to access via a Facebook login[84] but the sign-up restriction was lat

It was mandatory when Spotify launched in Slashdot's home country. It went from "not available in USA" to "we outsource identity management to Facebook to make sure that a real person is listening" to "login with Facebook or create a new account"

1 account only was hacked? This sounds like someone who was trying to prove that a flaw exists in their security.
I'm guessing there is more to this story to come - this sounds like they are setting things up to go after this 'hacker' that caused the security breach. If it was someone trying to do something malicious there would be more accounts pulled. Even if it was someone who was just curious to see if they could do it, they wouldn't have just stopped at one, but someone who is trying to play the role of a white hat would potentially only do this on one single account.
I'll be really disappointed if that's what it turns out to be and Spotify decides to prosecute.

Or the person hacked was a high level employee who had the same password for his music account as he did for his corporate account. Keys to the kingdom and all...

I had my account 'hacked' and the email address changed. I went through a few days of email exchanges with Spotify support before they would restore access. I've had an account since before FB authentication, but I still have a difficult time believing mine is the only one...

Sure, I suppose it's possible to guess my password, but it's very unlikely. Definitely not in any dictionary, upper case, lower case, numbers, and symbols. If I were a betting man, I'd bet the whole retirement account that my password wasn't guessed.

As Spotify's DBA, I personally reviewed the log from the hacking session. There was only 1 user that appeared in the SQL query... strange guy with "*" as his username (no quotes) and he kept showing up in the SELECT queries.

The translator still converted their language into English. It's just that their whole language was metaphors.

Let's say two persons are talking about sanitizing database inputs. If someone says "Little Bobby Tables", there's a whole explanation and concept behind that without needing to further explain anything else.

Yep, here on /. everyone knows all of the xkcd comics. Except of course for ArcadeMan, who has apparently forgotten "Ten Thousand", aka "Diet Coke and Mentos, the second one, not the dad one". http://xkcd.com/1053/

I wouldn't be surprised if this is in part a way of ensuring that all data breach notification law requirements are met by broadcasting the notification in such a way that no agency or person can claim to have not been aware (even if they claim they didn't receive notification directly).